{% extends "base.html" %}
{% load humanize %}
{% load widget_tweaks %}
{% load static %}
{% load show_cvss %}

{# Browser tab title for the vulnerability details page. #}
{% block title %}
VulnerableCode Vulnerability Details - {{ vulnerability.vulnerability_id }}
{% endblock %}

{% block content %}
<section class="section pt-0">
    {# Search box, rendered from its own template. #}
    {% include "vulnerability_search_box.html" %}
</section>

{% if vulnerability %}
<section class="section pt-0">
    <div class="details-container">
        {# Panel header showing the id of the vulnerability being displayed. #}
        <article class="panel is-info panel-header-only">
            <div class="panel-heading py-2 is-size-6">
                Vulnerability details:
                <span class="tag is-white custom">
                    {{ vulnerability.vulnerability_id }}
                </span>
            </div>
        </article>

        {# Tab bar. Each data-tab value below has a panel with the same data-content value under the tab-content element. #}
        <div class="tabs is-boxed" id="tabs">
            <ul>
                <li class="is-active" data-tab="essentials">
                    <a>
                        <span>Essentials</span>
                    </a>
                </li>
                <li data-tab="fixed-by">
                    <a>
                        <span>
                            <span class="affected-fixed">Fixed by</span> packages ({{ fixed_by_packages|length }})
                        </span>
                    </a>
                </li>
                <li data-tab="affected-packages">
                    <a>
                        <span>
                            <span class="affected-fixed">Affected</span> packages ({{ affected_packages|length }})
                        </span>
                    </a>
                </li>
                <li data-tab="references">
                    <a>
                        <span>
                            References ({{ references|length }})
                        </span>
                    </a>
                </li>
                <li data-tab="severities-vectors">
                        <a>
                            <span>
                                Severities vectors ({{ severity_vectors|length }})
                            </span>
                        </a>
                    </li>

                {# The KEV tab is only offered when the vulnerability has a kev record. #}
                {% if vulnerability.kev %}
                    <li data-tab="known-exploited-vulnerabilities">
                        <a>
                            <span>
                                Known Exploited Vulnerabilities
                            </span>
                        </a>
                    </li>
                {% endif %}

                {# The EPSS tab is offered unconditionally, whether or not an EPSS severity exists. #}
                <li data-tab="epss">
                        <a>
                            <span>
                                EPSS
                            </span>
                        </a>
                    </li>

                <li data-tab="history">
                    <a>
                        <span>
                            History ({{ history|length }})
                        </span>
                    </a>
                </li>
            </ul>
        </div>
        <div id="tab-content">
            <div class="tab-div is-active" data-content="essentials">
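                <div class="tab-nested-div">
                    {# Core facts about the vulnerability, one label/value pair per row. #}
                    <table class="table vcio-table width-100-pct mt-2">
                        <tbody>
                            <tr>
                                <td class="two-col-left">Vulnerability ID</td>
                                <td class="two-col-right">{{ vulnerability.vulnerability_id }}</td>
                            </tr>
                            <tr>
                                <td class="two-col-left">Aliases</td>
                                <td class="two-col-right">
                                    {% for alias in aliases %}
                                    {% if alias.url %}
                                    {# The href value must be quoted: auto-escaping leaves whitespace alone, so an unquoted value containing a space would end the attribute and the remainder would be parsed as extra attributes. #}
                                    {# rel="noopener noreferrer" keeps the page opened in the new tab from reaching window.opener and from receiving a Referer header. #}
                                    <a href="{{ alias.url }}" target="_blank" rel="noopener noreferrer">{{ alias }}<i
                                            class="fa fa-external-link fa_link_custom"></i></a>
                                    {% else %}
                                    {{ alias }}
                                    {% endif %}
                                    <br />
                                    {% endfor %}
                                </td>
                            </tr>
                            <tr>
                                <td class="two-col-left">Summary</td>
                                <td class="two-col-right wrap-strings">{{ vulnerability.summary }}
                                </td>
                            </tr>
                            {# The whole row is conditional, so the closing tr belongs inside the if; otherwise a stray closing tag is emitted when there is no score range. #}
                            {% if severity_score_range %}
                            <tr>
                                <td class="two-col-left">Severity score range</td>
                                <td class="two-col-right">{{ severity_score_range }}
                                </td>
                            </tr>
                            {% endif %}
                            <tr>
                                <td class="two-col-left">Status</td>
                                <td class="two-col-right">{{ status }}</td>
                            </tr>
                        </tbody>
                    </table>
                </div>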

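                {# Severity scores attached to this vulnerability, with the reference each score was found at. #}
                <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-6">
                    Severity ({{ severities|length }})
                </div>
                <div class="tab-nested-div">
                    <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
                        <tr>
                            <th style="width: 160px;"> System </th>
                            <th style="width: 100px;"> Score </th>
                            <th> Found at </th>
                        </tr>
                        {% for severity in severities %}
                        <tr>
                            <td class="wrap-strings">{{ severity.scoring_system }}</td>
                            <td class="wrap-strings">{{ severity.value }}</td>
                            {% if severity.reference.url %}
                            {# NOTE(review): this href is presumably taken from imported advisory data. Auto-escaping does not constrain the URL scheme; confirm that only http(s) URLs are stored. #}
                            {# rel="noopener noreferrer" keeps the externally hosted page from reaching window.opener and from receiving a Referer header. #}
                            <td class="wrap-strings"><a href="{{ severity.reference.url }}" target="_blank" rel="noopener noreferrer">
                                    {{ severity.reference.url }}<i class="fa fa-external-link fa_link_custom"></i></a>
                            </td>
                            {% else %}
                            <td class="wrap-strings">{{ severity.reference.reference_id }}</td>
                            {% endif %}
                        </tr>
                        {% empty %}
                        <tr>
                            <td colspan="3">
                                There are no known severity scores.
                            </td>
                        </tr>
                        {% endfor %}
                    </table>
                </div>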

                {# Preview of the fixing packages; the complete list is in the "fixed-by" tab panel. #}
                <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-6">
                    <span class="affected-fixed">Fixed by</span> packages ({{ fixed_by_packages|length }})
                </div>
                <div class="tab-nested-div">
                    <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
                        {# Only the first three packages are listed here. #}
                        {% for package in fixed_by_packages|slice:":3" %}
                        <tr>
                            <td>
                                <a href="{{ package.get_absolute_url }}" target="_self">{{ package.purl }}</a>
                                <br />
                            </td>
                        </tr>
                        {% empty %}
                        <tr>
                            <td>
                                There are no known <span class="affected-fixed">fixed by</span> packages.
                            </td>
                        </tr>
                        {% endfor %}
                        {# With more than three packages, point the reader at the full tab. The inline handler calls goToTab(), defined in the script at the end of this template. #}
                        {% if fixed_by_packages|length > 3 %}
                        <tr>
                            <td>
                                See <a href="#" onclick="goToTab('fixed-by')"><i><span class="affected-fixed">Fixed
                                            by</span> packages</i></a> tab for more
                            </td>
                        </tr>
                        {% endif %}
                    </table>
                </div>

                {# Preview of the affected packages; the complete list is in the "affected-packages" tab panel. #}
                <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-6">
                    <span class="affected-fixed">Affected</span> packages ({{ affected_packages|length }})
                </div>
                <div class="tab-nested-div">
                    <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
                        {# Only the first three packages are listed here. #}
                        {% for package in affected_packages|slice:":3" %}
                        <tr>
                            <td>
                                <a href="{{ package.get_absolute_url }}" target="_self">{{ package.purl }}</a>
                                <br />
                            </td>
                        </tr>
                        {% empty %}
                        <tr>
                            <td>
                                There are no known <span class="affected-fixed">affected</span> packages.
                            </td>
                        </tr>
                        {% endfor %}
                        {# With more than three packages, point the reader at the full tab. The inline handler calls goToTab(), defined in the script at the end of this template. #}
                        {% if affected_packages|length > 3 %}
                        <tr>
                            <td>
                                See <a href="#" onclick="goToTab('affected-packages')"><i><span
                                            class="affected-fixed">Affected</span> packages</i></a> tab for more
                            </td>
                        </tr>
                        {% endif %}
                    </table>
                </div>

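                {# CWE weaknesses linked to this vulnerability; each row links to the CWE definition page on cwe.mitre.org. #}
                <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-6">
                    Weaknesses ({{ weaknesses|length }})
                </div>
                <div class="tab-nested-div">
                    <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
                        {% for weakness in weaknesses %}
                        <tr>
                            <td class="wrap-strings">CWE-{{ weakness.cwe_id }}</td>
                            <td class="wrap-strings">
                                {# The title attribute is quoted, so the auto-escaped description cannot break out of it. #}
                                <a href="https://cwe.mitre.org/data/definitions/{{ weakness.cwe_id }}.html"
                                    target="_blank" rel="noopener noreferrer"
                                    title="CWE-{{ weakness.cwe_id }} : description: {{ weakness.description }}">
                                    {{ weakness.name }} <i class="fa fa-external-link fa_link_custom"></i>
                                </a>
                            </td>
                        </tr>
                        {% empty %}
                        <tr>
                            {# Rows in this table have two cells, so the placeholder spans two columns. #}
                            <td colspan="2">
                                There are no known CWE.
                            </td>
                        </tr>
                        {% endfor %}
                    </table>
                </div>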
            </div>

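            {# References tab: id, type and URL of every reference attached to the vulnerability. #}
            <div class="tab-div content" data-content="references">
                <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
                    <thead>
                        <tr>
                            <th style="width: 250px;"> Reference id </th>
                            <th style="width: 250px;"> Reference type </th>
                            <th> URL </th>
                        </tr>
                    </thead>
                    {% for ref in references %}
                    <tr>
                        {% if ref.reference_id %}
                        <td class="wrap-strings">{{ ref.reference_id }}</td>
                        {% else %}
                        <td></td>
                        {% endif %}

                        {% if ref.reference_type %}
                        <td class="wrap-strings">{{ ref.get_reference_type_display }}</td>
                        {% else %}
                        <td></td>
                        {% endif %}

                        {# NOTE(review): this href is presumably taken from imported advisory data. Auto-escaping does not constrain the URL scheme; confirm that only http(s) URLs are stored. #}
                        {# rel="noopener noreferrer" keeps the externally hosted page from reaching window.opener and from receiving a Referer header. #}
                        <td class="wrap-strings"><a href="{{ ref.url }}" target="_blank" rel="noopener noreferrer">{{ ref.url }}<i
                                    class="fa fa-external-link fa_link_custom"></i></a></td>
                    </tr>
                    {% empty %}
                    <tr>
                        {# The table has three columns, so the placeholder spans all three. #}
                        <td colspan="3">
                            There are no known references.
                        </td>
                    </tr>
                    {% endfor %}
                </table>
            </div>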

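            {# Affected packages tab: every package known to be affected, linked to its own page. #}
            <div class="tab-div content" data-content="affected-packages">
                <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
                    <thead>
                        <tr>
                            <th><span
                                    class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left"
                                    data-tooltip="The package url or purl is a URL string used to identify and locate a software package.">
                                    Package URL</span>
                            </th>
                        </tr>
                    </thead>
                    <tbody>
                        {% for package in affected_packages %}
                        <tr>
                            <td>
                                {# The purl is percent-encoded before it goes into the query string: a purl may contain ?, &, # or +, which would otherwise truncate or alter the search parameter. HTML escaping alone does not protect the URL structure. #}
                                <a href="{{ package.get_absolute_url }}?search={{ package.purl|urlencode }}" target="_self">{{ package.purl }}</a>
                            </td>
                        </tr>
                        {% empty %}
                        <tr>
                            <td>
                                This vulnerability is not known to affect any packages.
                            </td>
                        </tr>
                        {% endfor %}
                    </tbody>
                </table>
            </div>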

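            {# Fixed by tab: every package known to fix the vulnerability, linked to its own page. #}
            <div class="tab-div content" data-content="fixed-by">
                <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
                    <thead>
                        <tr>
                            <th><span
                                    class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left"
                                    data-tooltip="The package url or purl is a URL string used to identify and locate a software package.">
                                    Package URL</span>
                            </th>
                        </tr>
                    </thead>
                    <tbody>
                        {% for package in fixed_by_packages %}
                        <tr>
                            <td>
                                {# The purl is percent-encoded before it goes into the query string: a purl may contain ?, &, # or +, which would otherwise truncate or alter the search parameter. HTML escaping alone does not protect the URL structure. #}
                                <a href="{{ package.get_absolute_url }}?search={{ package.purl|urlencode }}" target="_self">{{ package.purl }}</a>
                            </td>
                        </tr>
                        {% empty %}
                        <tr>
                            <td>
                                This vulnerability is not known to be fixed by any packages.
                            </td>
                        </tr>
                        {% endfor %}
                    </tbody>
                </table>
            </div>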
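            <div class="tab-div content" data-content="severities-vectors">
                {# One vector string per entry, followed by a metric table for CVSS 2.0, 3.0/3.1 and 4. SSVC entries show the vector string only; any other version value renders nothing. #}
                {# cvss_printer comes from the show_cvss tag library. It is given the metric value and a comma-separated list of option names. #}
                {# NOTE(review): if cvss_printer returns markup marked as safe, confirm that it escapes the metric value it receives. #}
                {% for severity_vector in severity_vectors %}
                    {% if severity_vector.version == '2.0' %}
                        Vector: {{ severity_vector.vectorString }}
                        <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
                            <tr>
                                <th>Exploitability (E)</th>
                                <th>Access Vector (AV)</th>
                                <th>Access Complexity (AC)</th>
                                <th>Authentication (Au)</th>
                                <th>Confidentiality Impact (C)</th>
                                <th>Integrity Impact (I)</th>
                                <th>Availability Impact (A)</th>
                            </tr>
                            <tr>
                                <td>{{ severity_vector.exploitability|cvss_printer:"high,functional,unproven,proof_of_concept,not_defined" }}</td>
                                <td>{{ severity_vector.accessVector|cvss_printer:"local,adjacent_network,network" }}</td>
                                <td>{{ severity_vector.accessComplexity|cvss_printer:"high,medium,low" }}</td>
                                <td>{{ severity_vector.authentication|cvss_printer:"multiple,single,none" }}</td>
                                <td>{{ severity_vector.confidentialityImpact|cvss_printer:"none,partial,complete" }}</td>
                                <td>{{ severity_vector.integrityImpact|cvss_printer:"none,partial,complete" }}</td>
                                <td>{{ severity_vector.availabilityImpact|cvss_printer:"none,partial,complete" }}</td>
                            </tr>
                        </table>
                    {% elif severity_vector.version == '3.1' or severity_vector.version == '3.0' %}
                        Vector: {{ severity_vector.vectorString }}
                        <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
                            <tr>
                                <th>Attack Vector (AV)</th>
                                <th>Attack Complexity (AC)</th>
                                <th>Privileges Required (PR)</th>
                                <th>User Interaction (UI)</th>
                                <th>Scope (S)</th>
                                <th>Confidentiality Impact (C)</th>
                                <th>Integrity Impact (I)</th>
                                <th>Availability Impact (A)</th>
                            </tr>
                            <tr>
                                <td>{{ severity_vector.attackVector|cvss_printer:"network,adjacent_network,local,physical" }}</td>
                                <td>{{ severity_vector.attackComplexity|cvss_printer:"low,high" }}</td>
                                <td>{{ severity_vector.privilegesRequired|cvss_printer:"none,low,high" }}</td>
                                <td>{{ severity_vector.userInteraction|cvss_printer:"none,required" }}</td>
                                <td>{{ severity_vector.scope|cvss_printer:"unchanged,changed" }}</td>
                                <td>{{ severity_vector.confidentialityImpact|cvss_printer:"high,low,none" }}</td>
                                <td>{{ severity_vector.integrityImpact|cvss_printer:"high,low,none" }}</td>
                                <td>{{ severity_vector.availabilityImpact|cvss_printer:"high,low,none" }}</td>
                            </tr>
                        </table>
                    {% elif severity_vector.version == '4' %}
                        Vector: {{ severity_vector.vectorString }}
                        <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
                            <tr>
                                <th>Attack Vector (AV)</th>
                                <th>Attack Complexity (AC)</th>
                                <th>Attack Requirements (AT)</th>
                                <th>Privileges Required (PR)</th>
                                <th>User Interaction (UI)</th>

                                <th>Vulnerable System Impact Confidentiality (VC)</th>
                                <th>Vulnerable System Impact Integrity (VI)</th>
                                <th>Vulnerable System Impact Availability (VA)</th>

                                <th>Subsequent System Impact Confidentiality (SC)</th>
                                <th>Subsequent System Impact Integrity (SI)</th>
                                <th>Subsequent System Impact Availability (SA)</th>
                            </tr>
                            <tr>
                                <td>{{ severity_vector.attackVector|cvss_printer:"network,adjacent,local,physical" }}</td>
                                <td>{{ severity_vector.attackComplexity|cvss_printer:"low,high" }}</td>
                                <td>{{ severity_vector.attackRequirement|cvss_printer:"none,present" }}</td>
                                <td>{{ severity_vector.privilegesRequired|cvss_printer:"none,low,high" }}</td>
                                <td>{{ severity_vector.userInteraction|cvss_printer:"none,passive,active" }}</td>

                                <td>{{ severity_vector.vulnerableSystemImpactConfidentiality|cvss_printer:"high,low,none" }}</td>
                                <td>{{ severity_vector.vulnerableSystemImpactIntegrity|cvss_printer:"high,low,none" }}</td>
                                <td>{{ severity_vector.vulnerableSystemImpactAvailability|cvss_printer:"high,low,none" }}</td>

                                <td>{{ severity_vector.subsequentSystemImpactConfidentiality|cvss_printer:"high,low,none" }}</td>
                                <td>{{ severity_vector.subsequentSystemImpactIntegrity|cvss_printer:"high,low,none" }}</td>
                                <td>{{ severity_vector.subsequentSystemImpactAvailability|cvss_printer:"high,low,none" }}</td>
                            </tr>
                        </table>
                    {% elif severity_vector.version == 'ssvc' %}
                        <hr/>
                        Vector: {{ severity_vector.vectorString }}
                        <hr/>
                    {% endif %}
                {% empty %}
                    {# This placeholder sits directly in the panel, not in a table, so it is a paragraph and not a table row. #}
                    <p>There are no known vectors.</p>
                {% endfor %}
            </div>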
            {# KEV tab panel, present only when the vulnerability has a kev record. Each optional field gets a row only when it has a value. #}
            {% if vulnerability.kev %}
                <div class="tab-div content" data-content="known-exploited-vulnerabilities">
                    <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-1">
                        Known Exploited Vulnerabilities
                    </div>
                    <table class="table vcio-table width-100-pct mt-2">
                        <tbody>
                            <tr>
                                <td class="two-col-left">
                                    <span class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left" data-tooltip="'Known' if this vulnerability is known to have been leveraged as part of a ransomware campaign; 'Unknown' if CISA lacks confirmation that the vulnerability has been utilized for ransomware">
                                        Known Ransomware Campaign Use:
                                    </span>
                                </td>
                                <td class="two-col-right">{{ vulnerability.kev.get_known_ransomware_campaign_use_type }}</td>
                            </tr>

                            {% if vulnerability.kev.description %}
                            <tr>
                                <td class="two-col-left">
                                    <span class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left" data-tooltip="Description of the vulnerability in the Known Exploited Vulnerabilities
                                                (KEV) catalog, usually a refinement of the original CVE description.">
                                        Description:
                                    </span>
                                </td>
                                <td class="two-col-right">{{ vulnerability.kev.description }}</td>
                            </tr>
                            {% endif %}

                            {% if vulnerability.kev.required_action %}
                            <tr>
                                <td class="two-col-left">
                                    <span class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left" data-tooltip="The required action to address the vulnerability">
                                        Required Action:
                                    </span>
                                </td>
                                <td class="two-col-right">{{ vulnerability.kev.required_action }}</td>
                            </tr>
                            {% endif %}

                            {% if vulnerability.kev.resources_and_notes %}
                            <tr>
                                <td class="two-col-left">
                                    <span class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left" data-tooltip="Any additional notes about the vulnerability">
                                        Notes:
                                    </span>
                                </td>
                                <td class="two-col-right">{{ vulnerability.kev.resources_and_notes }}</td>
                            </tr>
                            {% endif %}

                            {% if vulnerability.kev.due_date %}
                            <tr>
                                <td class="two-col-left">
                                    <span class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left" data-tooltip="The date the required action is due in the format YYYY-MM-DD">
                                        Due Date:
                                    </span>
                                </td>
                                <td class="two-col-right">{{ vulnerability.kev.due_date }}</td>
                            </tr>
                            {% endif %}

                            {% if vulnerability.kev.date_added %}
                            <tr>
                                <td class="two-col-left">
                                    <span class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left" data-tooltip="The date vulnerability was added to the catalog in the format YYYY-MM-DD">
                                        Date Added:
                                    </span>
                                </td>
                                <td class="two-col-right">{{ vulnerability.kev.date_added }}</td>
                            </tr>
                            {% endif %}
                        </tbody>
                    </table>
                </div>
            {% endif %}
        
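            {# EPSS tab panel. A single container is always rendered, so the EPSS tab has exactly one matching data-content element however many EPSS severities exist. #}
            {# NOTE(review): when severities exist but none uses the 'epss' scoring system, the panel is empty; showing the placeholder in that case would need, for example, a flag from the view. #}
            <div class="tab-div content" data-content="epss">
                {% for severity in severities %}
                    {% if severity.scoring_system == 'epss' %}
                    <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-1">
                        Exploit Prediction Scoring System
                    </div>
                    <table class="table vcio-table width-100-pct mt-2">
                        <tbody>
                            <tr>
                                <td class="two-col-left">
                                    <span class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left"
                                        data-tooltip="the percentile of the current score, the proportion of all scored vulnerabilities with the same or a lower EPSS score">
                                        Percentile:
                                    </span>
                                </td>
                                <td class="two-col-right">{{ severity.scoring_elements }}</td>
                            </tr>

                            <tr>
                                <td class="two-col-left">
                                    <span class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left"
                                        data-tooltip="the EPSS score representing the probability [0-1] of exploitation in the wild in the next 30 days (following score publication)">
                                        EPSS score:
                                    </span>
                                </td>
                                <td class="two-col-right">{{ severity.value }}</td>
                            </tr>

                            {% if severity.published_at %}
                            <tr>
                                <td class="two-col-left">
                                    <span class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left"
                                        data-tooltip="When was the time we fetched epss">
                                        Published at:
                                    </span>
                                </td>
                                <td class="two-col-right">{{ severity.published_at }}</td>
                            </tr>
                            {% endif %}
                        </tbody>
                    </table>
                    {% endif %}
                {% empty %}
                    {# This placeholder sits directly in the panel, not in a table, so it is a paragraph and not a table row. #}
                    <p>There are no EPSS available.</p>
                {% endfor %}
            </div>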

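            {# History tab: one row per log entry recorded for this vulnerability. #}
            <div class="tab-div content" data-content="history">
                <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
                    <thead>
                        <tr>
                            <th>
                                <span
                                    class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left"
                                    data-tooltip="The date that the vulnerability was imported (collected) or improved.">
                                    Date </span>
                            </th>
                            <th>
                                <span
                                    class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left"
                                    data-tooltip="The process that created or updated the vulnerability."> Actor </span>
                            </th>
                            <th> <span
                                    class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left"
                                    data-tooltip="Imported or Improved"> Action </span> </th>
                            <th> <span
                                    class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left"
                                    data-tooltip="The public service that published the advisory or related information."> Source </span> </th>
                            <th> <span
                                    class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left"
                                    data-tooltip="The version of VulnerableCode that performed the action. ">
                                    VulnerableCode Version
                                </span> </th>
                        </tr>
                    </thead>
                    {% for log in history %}
                    <tr>
                        <td class="is-break-word wrap-strings">{{ log.get_iso_time }}</td>
                        <td class="is-break-word wrap-strings">{{ log.actor_name }}</td>
                        <td class="is-break-word wrap-strings">{{ log.get_action_type_label }}</td>
                        {# NOTE(review): source_url is used as an href. Auto-escaping does not constrain the URL scheme; confirm that only http(s) URLs are stored. #}
                        {# rel="noopener noreferrer" keeps the externally hosted page from reaching window.opener and from receiving a Referer header. #}
                        <td class="is-break-word wrap-strings"> <a href="{{ log.source_url }}" target="_blank" rel="noopener noreferrer">{{ log.source_url }}</a></td>
                        <td class="is-break-word wrap-strings"> {{ log.software_version }} </td>
                    </tr>
                    {% endfor %}
                </table>
            </div>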
        </div>
    </div>
</section>
{% endif %}

<script src="{% static 'js/main.js' %}" crossorigin="anonymous"></script>

<script>
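    /**
     * Activate the tab named `tabName` and show its content panel.
     *
     * Called from the inline `onclick` handlers of the "See ... tab for more"
     * links in the Essentials panel. `tabName` has to match a `data-tab`
     * value in the tab bar and a `data-content` value among the panels.
     *
     * When either target element is missing the call does nothing, so the
     * visible tab is never deactivated without a replacement and no
     * TypeError is raised on a null element.
     *
     * @param {string} tabName - value of the data-tab / data-content pair to activate.
     */
    function goToTab(tabName) {
        // CSS.escape keeps the name a literal attribute value inside the selector,
        // whatever characters it contains.
        const safeName = CSS.escape(tabName);
        const targetLink = document.querySelector(`[data-tab='${safeName}']`);
        const targetPanel = document.querySelector(`[data-content='${safeName}']`);

        // Resolve the destination first; bail out before touching the current state.
        if (!targetLink || !targetPanel) {
            return;
        }

        const currentLink = document.querySelector('div.tabs.is-boxed li.is-active');
        const currentPanel = document.querySelector('div.tab-div.is-active');

        if (currentLink) {
            currentLink.classList.remove('is-active');
        }
        if (currentPanel) {
            currentPanel.classList.remove('is-active');
        }

        targetLink.classList.add('is-active');
        targetPanel.classList.add('is-active');
    }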
</script>


{% endblock %}